Keylogger Running Under Kaspersky 2009
The last posts clearly show that static virus detection is not something AV vendors do well enough. Now this one is quite a story. As I was researching many trojans I was moving files into and out of my Virtual PC machine used to test viruses. My computer has Kaspersky 2009 installed and running with maximum security settings (including keyloggers and kernel object modifications).
Without noticing, I accidentally executed on my host PC one of the samples I was testing in the VM. I was using my computer as usual when I began noticing some kind of tiny delays when typing a lot of text, the kind of delays I experienced when I wrote my first keylogger. I was completely surprised to have this suspicion, since I felt “almost safe” with my Kaspersky 2009 updating every 4 hours.
Opening “Process Explorer” I began examining the running processes and noticed some weird DLL files running in all my processes.
They were in system32, and these are the AV test results for these 2 files from that day (also 2 months ago):
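A defender's check that follows from the observation above: a keylogger hooked into every process shows up as a module with near-100% prevalence across processes, while most legitimate DLLs do not. This is an added example, not code from the original post; it takes per-process module lists as you would export from Process Explorer or parse from `tasklist /m`, and the process names, module paths and baseline list are constructed sample data.

```python
"""Flag DLLs loaded into (almost) every process, the footprint of a keylogger
injected via a global hook like the one found with Process Explorer above.
Input is process name -> loaded module paths. System DLLs are ubiquitous too,
so high-prevalence modules are compared against a baseline of expected ones."""
from collections import Counter
from typing import Dict, Iterable, List, Set

# Assumption: a real baseline is built from a known-clean host of the same build.
BASELINE_UBIQUITOUS: Set[str] = {"ntdll.dll", "kernel32.dll", "user32.dll", "gdi32.dll", "advapi32.dll"}

def _basename(path: str) -> str:
    """Lowercase file name of a module path (accepts \\ or / separators)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def module_prevalence(process_modules: Dict[str, Iterable[str]]) -> Counter:
    """For each module name, count the distinct processes that have it loaded."""
    counts: Counter = Counter()
    for modules in process_modules.values():
        counts.update({_basename(m) for m in modules})  # set: once per process
    return counts

def suspicious_ubiquitous_modules(process_modules, baseline=BASELINE_UBIQUITOUS,
                                  min_fraction: float = 0.8) -> List[str]:
    """Non-baseline modules loaded in at least min_fraction of all processes."""
    total = len(process_modules)
    if total == 0:
        return []
    return sorted(name for name, n in module_prevalence(process_modules).items()
                  if n / total >= min_fraction and name not in baseline)

# Constructed sample snapshot; the two kbd*.dll names are the ones from the post.
SYS = r"C:\Windows\system32"
COMMON = [f"{SYS}\\{d}" for d in ("ntdll.dll", "kernel32.dll", "user32.dll")]
HOOK = [f"{SYS}\\kbdth2sys.dll", f"{SYS}\\kbdvntcapi.dll"]
SAMPLE_SNAPSHOT = {
    "explorer.exe": COMMON + [f"{SYS}\\shell32.dll"] + HOOK,
    "notepad.exe": COMMON + [f"{SYS}\\comdlg32.dll"] + HOOK,
    "firefox.exe": COMMON + [r"C:\Program Files\Mozilla Firefox\xul.dll",
                             r"C:\WINDOWS\System32\KBDTH2SYS.DLL", r"C:\WINDOWS\System32\KBDVNTCAPI.DLL"],
    "svchost.exe": COMMON + [f"{SYS}\\rpcrt4.dll"] + HOOK,
    "winlogon.exe": COMMON + [f"{SYS}\\rpcrt4.dll"],  # constructed: one process without the hook DLLs
}

if __name__ == "__main__":
    print(suspicious_ubiquitous_modules(SAMPLE_SNAPSHOT))
```

Anything this flags still needs manual triage (Authenticode signature, file origin, hash lookup), since a legitimately ubiquitous DLL missing from the baseline will also show up.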
I was surprised by two things:
1) Kaspersky Anti-Keylogger “live protection” compromised all my personal information
2) Symantec was the only AV really detecting this, and as a keylogger, which is very funny because their AV is a joke; I will write a few posts about that later
I can’t believe this! I am now uploading the files again to VirusTotal to see the updated scan results for today and I notice this:
The file was first received by VirusTotal on 2007.10.23, which is 1 year ago!!!!!!!!!
This only proves 2 things:
1) The malicious code writers WERE INDEED using VirusTotal’s “don’t distribute samples to AV vendors” option, which was recently removed!
2) None of the anti-viruses detected this widespread keylogger, which has been used to steal people’s information for THE LAST YEAR!!!
I hereby thank the creator of the matrix for letting me find it on my PC after just 2 days.
Here are today’s results for kbdth2sys.dll:
So after 1 YEAR it has been undetected, and 2 MONTHS after the AV vendors got my uploaded samples we get this amazing 10 of 36 result, which leaves it undetected for: Kaspersky, DrWeb, McAfee, BitDefender, Microsoft, Panda, F-Secure, Fortinet and others…
As for kbdvntcapi.dll, after all this detection hasn’t really changed: 4 heuristic detections and 1 Symantec keylogger detection, still a sad story (at least for most people).
Well, I uninstalled my Kaspersky 2009.